[issue46577] Hostname spoofing via backslashes in URL

Karthikeyan Singaravelan added the comment: This seems to be similar to https://bugs.python.org/issue35748 -- nosy: +xtreak ___ Python tracker ___

[issue46577] Hostname spoofing via backslashes in URL

New submission from Dashmeet Kaur Ajmani : A URL's hostname can be spoofed by using a backslash (\) character followed by an at (@) character. If the hostname is used in security decisions, the decision may be incorrect. Impact: Depending on library usage and attacker intent, impacts may incl